Diicot Analysis

IOB - Indicator of Behavior (37)

Note: the chart data on this page (timeline, language, country, actor, type, vendor and product counts) is dummy data, distorted and not usable; the real values are only available with an additional purchase.

Lang

en: 24
es: 6
fr: 4
ru: 2
pt: 2

Country

us: 38

Activities

Interest

Product

Joomla CMS: 4
Dcscripts Dcshop: 2
osCommerce: 2
cmsimple: 2
Dmasoftlab Radius Manager: 2

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exp is the exploitability status and Rem the remediation status; EPSS is the exploit-prediction probability and CTI the threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00421 | 0.02 | CVE-2006-6365
2 | TOTOLINK T8 Telnet Service product.ini hard-coded credentials | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01038 | 0.00 | CVE-2023-24155
3 | NAVER Whale Browser Mobile App Incognito Mode access control | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2020-9754
4 | Sophos Web Appliance Change Password Dialog Box index.php access control | 7.5 | 6.5 | $0-$5k | $0-$5k | High | Official Fix | 0.24306 | 0.00 | CVE-2014-2849
5 | Dell EMC PowerScale OneFS master.passwd omission of security-relevant information | 4.1 | 4.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2022-22563
6 | phpBB posting.php Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00236 | 0.00 | CVE-2010-1630
7 | myPHPNuke links.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00478 | 0.00 | CVE-2003-1372
8 | cmsimple index.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06344 | 0.04 | CVE-2008-2650
9 | Mariovaldez Simple Text-File Login Script slogin_lib.inc.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00788 | 0.02 | CVE-2008-5763
10 | Cacti graphs.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00768 | 0.01 | CVE-2015-4634
11 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.03 | CVE-2020-35176
12 | PhotoPost PhotoPost vBGallery File Upload upload.php input validation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.06 | CVE-2008-7088
13 | RapidShare Database default.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00193 | 0.04 | CVE-2007-6674
14 | HP Integrated Lights-Out privileges management | 8.1 | 7.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05039 | 0.00 | CVE-2014-7876
15 | Joomla CMS File Upload media.php input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.79864 | 0.08 | CVE-2013-5576
16 | PHP strspn numeric error | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.25825 | 0.00 | CVE-2007-2872
17 | Dmasoftlab Radius Manager admin.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.00 | CVE-2010-4275
18 | Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00755 | 0.04 | CVE-2001-0821
19 | Joomla CMS index.php privileges management | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02958 | 0.00 | CVE-2012-1563
20 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250

IOC - Indicator of Compromise (2)

These indicators of compromise are network resources known to be part of the actor's research and attack activities. Entries shown as X's are masked on the source page.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.88.67.94 | | Diicot | | 06/16/2023 | verified | High
2 | XX.XX.XX.XXX | | Xxxxxx | | 06/16/2023 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list path, argument and input-value fragments the actor is expected to use during reconnaissance, exploitation, privilege escalation and exfiltration. They come from a predictive actor-profiling model, not from observed traffic, so treat them as hunting leads rather than confirmed signatures. Entries shown as x's are masked on the source page.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/master.passwd | predictive | High
2 | File | /index.php | predictive | Medium
3 | File | /web_cste/cgi-bin/product.ini | predictive | High
4 | File | admin.php | predictive | Medium
5 | File | admin/scripts/FileUploader/php.php | predictive | High
6 | File | administrator/components/com_media/helpers/media.php | predictive | High
7 | File | xxx-xxx/xxxxxxx.xx | predictive | High
8 | File | xxxxxxx.xxx | predictive | Medium
9 | File | xxxxxx.xxx | predictive | Medium
10 | File | xxxxxx.xxx | predictive | Medium
11 | File | xxxx_xxxxxx.xxx | predictive | High
12 | File | xxxxxx-xxxxxxxxxx-xxxxxx.xxx | predictive | High
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxxxxxxxx/xxxxx.xx | predictive | High
15 | File | xxxxx.xxx | predictive | Medium
16 | File | xxxxxxxx.xxx | predictive | Medium
17 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | High
18 | File | xxxxxxx.xxx | predictive | Medium
19 | File | xxxxx.xxx | predictive | Medium
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
22 | File | xxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxxx.xxx | predictive | Medium
24 | Library | xxxxxx_xxx.xxx.xxx | predictive | High
25 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High
26 | Argument | xxxxxxxx | predictive | Medium
27 | Argument | xxx | predictive | Low
28 | Argument | xxxxxxx | predictive | Low
29 | Argument | xxxxxx | predictive | Low
30 | Argument | xxxxx | predictive | Low
31 | Argument | xxxxx | predictive | Low
32 | Argument | xxxx | predictive | Low
33 | Argument | xxxxx[xxxxxx] | predictive | High
34 | Argument | xxxxx_xxxxx_xx | predictive | High
35 | Argument | xxxxx | predictive | Low
36 | Argument | xxx_xx | predictive | Low
37 | Argument | xxxxxx | predictive | Low
38 | Argument | xxxx | predictive | Low
39 | Argument | xxxxxxxx | predictive | Medium
40 | Argument | xxxxxxx/xxxxx | predictive | High
41 | Argument | xx | predictive | Low
42 | Argument | xxxxxx_xxxx | predictive | Medium
43 | Argument | xxxxxx | predictive | Low
44 | Input Value | xxxxxx_xxxxxxxx | predictive | High
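The verified IOC address and the non-redacted File indicators in the IOA table can be turned directly into a log sweep. The following is an added example for this page, not VulDB's or the actor's code: it matches those indicators against constructed Apache/nginx "combined"-format access-log lines, normalizing each request path first so percent-encoded or dot-dot-slash traversal toward /etc/master.passwd still matches. The log layout, the sample lines (RFC 5737 documentation addresses apart from the page's IOC IP) and the severity weighting are assumptions of the example.

```python
"""Sweep web-server access logs for the Diicot IOC/IOA fragments listed on this page.

Added example; not VulDB's or the actor's code.  The log layout (combined
format), the sample lines and the severity weighting are assumptions.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote

# Indicator of Compromise: the one non-redacted IP from the IOC table above.
IOC_IPS = {"45.88.67.94"}

# Indicators of Attack: the non-redacted File indicators from the IOA table,
# with the confidence the page assigns them.  /index.php and admin.php appear
# in ordinary traffic as well, which is why they are only Medium.
IOA_FILES = {
    "/etc/master.passwd": "High",
    "/web_cste/cgi-bin/product.ini": "High",
    "admin/scripts/FileUploader/php.php": "High",
    "administrator/components/com_media/helpers/media.php": "High",
    "admin.php": "Medium",
    "/index.php": "Medium",
}

# Assumed log layout: the combined log format written by Apache/nginx defaults.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    status: str
    ioc_ip: bool                     # source IP is listed in the IOC table
    ioa_files: list[tuple[str, str]] = field(default_factory=list)  # (indicator, confidence)

    def severity(self) -> str:
        """Weighting assumed by this example: a known actor IP touching a known
        indicator path is high; either alone, or a High-confidence path from an
        unknown IP, is medium; a Medium-confidence path alone is low."""
        if self.ioc_ip and self.ioa_files:
            return "high"
        if self.ioc_ip or any(conf == "High" for _, conf in self.ioa_files):
            return "medium"
        return "low"


def normalize_path(raw: str) -> str:
    """Drop the query string, percent-decode twice (catches double encoding) and
    collapse '.' and '..' segments, so /index.php/..%2F..%2Fetc/master.passwd
    still resolves to /etc/master.passwd."""
    decoded = unquote(unquote(raw.split("?", 1)[0]))
    parts: list[str] = []
    for seg in decoded.split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)


def scan_log(lines) -> list[Hit]:
    """Return one Hit per log line that comes from an IOC IP or touches an IOA path."""
    hits: list[Hit] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue                 # not in the assumed format; skip it
        raw, norm = m["path"], normalize_path(m["path"])
        matched = [(ind, conf) for ind, conf in IOA_FILES.items()
                   if ind in raw or ind in norm]
        ioc = m["ip"] in IOC_IPS
        if ioc or matched:
            hits.append(Hit(n, m["ip"], raw, m["status"], ioc, matched))
    return hits


# Constructed sample lines, not real traffic.  Apart from the IOC IP, the
# addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
45.88.67.94 - - [16/Jun/2023:10:01:02 +0000] "GET /administrator/components/com_media/helpers/media.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jun/2023:10:01:09 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 8831 "-" "Mozilla/5.0"
198.51.100.23 - - [16/Jun/2023:10:02:44 +0000] "GET /index.php/..%2F..%2F..%2Fetc/master.passwd HTTP/1.1" 404 196 "-" "curl/8.1.2"
45.88.67.94 - - [16/Jun/2023:10:03:15 +0000] "GET /robots.txt HTTP/1.1" 200 66 "-" "python-requests/2.31"
203.0.113.7 - - [16/Jun/2023:10:04:30 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [16/Jun/2023:10:05:00 +0000] "POST /web_cste/cgi-bin/product.ini HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {h.line_no}: {h.severity():6} {h.ip:15} {h.status} {h.path}  "
              f"ioc_ip={h.ioc_ip} ioa={[i for i, _ in h.ioa_files]}")
```

Against the sample lines, only the first request (actor IP plus the Joomla media.php path) rates high; the plain /index.php hit from an unknown address rates low, which is the right place for a Medium-confidence, high-frequency indicator. The 404 on the traversal attempt is still reported: a failed probe from a new address is exactly the reconnaissance the IOA list is meant to surface.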
